Slashdot Mirror

← Back to Stories (view on slashdot.org)

Missing Open Source Security Tools?

Posted by simoniker on from the swiss-army-knife dept.

Kinetic writes "There are many great open source security tools out there, Nmap, Nessus, and DSniff, just to name a few. However, with the world of security constantly changing, this begs the question, what open source security tools are missing? What commercial security tools have no viable open source alternatives? When securing/testing/exploring networks (home or enterprise), what security tools/applications/functionality are lacking (or non-existent) in the open source world?"

7 of 362 comments (clear)

  1. Your favorite tools by TLouden · · Score: 5, Interesting

    Also important, if you don't think anything is missing, or even if you do, what software do you use for security purposes? Anything obscure but useful or unusual uses of common software?

    --
    -Tim Louden
  2. SIMS by WwWonka · · Score: 5, Interesting

    ...what security tools/applications/functionality are lacking (or non-existent) in the open source world?

    How about an open source Security Information Management System (SIMS) Description, Article .

    Something that lets us intergrate, collect, and correlate what the other great tools (Nessus, Snort, Nmap) find.

    1. Re:SIMS by gfunicus · · Score: 5, Interesting

      Have a look here... http://www.ossim.net/

      --
      It's better to regret something you have done that to regret something you haven't done.
  3. Network Forensics by mplex · · Score: 5, Interesting
    This probably is a very good project for the opensource community, but it sure would be cool. I want to see an opensource version of the old SilentRunner product, now carried by Computer Associates.

    eTrustTM Network Forensics captures raw network data and uses advanced forensics analysis to identify how business assets are affected by network exploits, internal data theft, and security or HR policy violations. Its patented technology allows IT and security staff to visualize network activity, uncover anomalous traffic and investigate breaches with a single, convenient solution.

    http://www3.ca.com/Solutions/Product.asp?ID=4856
  4. user by scrotch · · Score: 5, Interesting

    Here's one I just thought of. Maybe it's been made, and maybe 16,000 people will point out why it isn't necessary or that it's built into find or emacs or something. Here goes anyway:

    Write an app that takes a username as input and shows me all the files/directories that user can read or edit or execute. If I run it as root, it shows me All files. If run as me under my account, all of my files that that user could play with. For example:
    shell% sudo fileSecurityCheck -www /
    will show me all files that are deleted when my webserver gets hacked.

  5. Knopix STD all the security all the time by phreak03 · · Score: 5, Interesting

    Get Knopix STD (always a copy in my backpack) A live linux distro aimed at security with up to date packages for the following areas (From the Knopix STD site) http://www.knoppix-std.org/ * authentication * encryption * forensics * firewall * honeypot * ids * network utilities * password tools * servers * packet sniffers * tcp tools * tunnels * vulnerability assessment * wireless tools Turn it into a firewall, a web server, an IDS box, a honeypot. Use it to do data recovery on an dead or locked computer, perform a vulnerability assessment, a penetration test, perform an autopsy on a compromised machine, test your incident response team. Listen to your MP3 collection and play gnugo while waiting for that nessus scan to complete.

    --
    come comment on the madness at http://slashdot.org/~phreak03/journal/
  6. Re:Self Defending Networks? by Master+of+Transhuman · · Score: 5, Interesting

    You think this is funny. Let me tell you a little story.

    I just took this past spring a course in "Network Security". The teacher got hold of a DARPA video on computer security and played it for us at one class session.

    You wouldn't believe this crap. The scenario was a country suspiciously similar to Iraq who set up a computer center with a bunch of Arab terrorist hackers and tried to drop America's infrastructure.

    So, of course, the brilliant and utterly boring (all these people looked like crew-cutted Republicans, it was unbelievable) used all sort of "cutting-edge technology" (that doesn't exist and won't for another two or three decades) to defeat the evil Arabs. It ended with them tracking the evil Arabs to their lair and a bunch of Special Forces guys busting in and shooting up the place (DIE, EVIL HACKERS! DIE!).

    The tech they showed involved a lot of voice-command and voice-response computer systems, all sorts of fancy graphics stuff, and of course something very much like Total Information Awareness that allowed them to know who everybody was no matter who the hell they were. They also had the ability to search out the source of any virus or hacker penetration in minutes and then commandeer the entire US infrastructure to repel the attack.

    Utter bullshit - and I told the teacher so at the end of the video.

    This was a DARPA "wish-list" video with absolutely no relevance to current computer security technology.

    At the end of the semester, I demo'd the Knoppix STD (Security Tools Distribution) to the class. One student asked if this stuff was "all command line". I said, well, it's all servers, and the servers all run UNIX, and servers usually are administered from the command line, so, yes, most of the tools (except for stuff like Ethereal and Nessus) was command line.

    It's a long way from there to DARPA's fantasy land.

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!